Recommended Practice: Creating Cyber Forensics Plans for Control Systems

Authors: Eric Cornelius, Mark Fabro

DOI: 10.2172/944209

Keywords: Information technology; Resource (project management); Information security; Variety (cybernetics); Network security; Computer security; Community of interest (computer security); Event (computing); Troubleshooting; Engineering

Abstract: Cyber forensics has been in the popular mainstream for some time, and matured into an information-technology capability that is very common among modern information security programs. The goal of cyber to support elements troubleshooting, monitoring, recovery, protection sensitive data. Moreover, event a crime being committed, also approach collecting, analyzing, archiving data as evidence court law. Although scalable many technology domains, especially corporate architectures, can be challenging when applied non-traditional environments, which are not comprised current technologies or designed with do provide adequate storage audit capabilities. In addition, further complexity introduced if environments using proprietary solutions protocols, thus limiting ease forensic methods utilized. legacy nature somewhat diverse disparate component aspects control systems often prohibit smooth translation analysis domain. Compounded by wide variety well critical system no store significant amounts information, task creating ubiquitous unified strategy technical on device computing resource far from trivial. To date, direction regarding it relates produced other than what might privately available commercial vendors. Current materials have recreation (event-based), although important, these requirements always satisfy needs associated incident response driven incidents. address issues accommodate diversity both architecture types, framework based recommended practices domain required. This must fully flexible allow deployment any environment regardless used. integration network traditionally closed systems, result true defense-in-depth architectures. document takes traditional concepts engineering provides augmentation operational environments. guidance reader specifics relating organizations create self-sustaining program, maintenance evolution such As community interest without specific how proceed this product intended first step.
